Hay
Sign in
Date
Feb. 5, 2025, 2:09 p.m.

Environment
qemu-armv7
qemu-x86_64 

[  145.300416] ==================================================================
[  145.301603] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xd8/0x1dc
[  145.302743] Write of size 128 at addr c4fd0000 by task kunit_try_catch/143
[  145.303509] 
[  145.303864] CPU: 0 PID: 143 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  145.304926] Hardware name: Generic DT based system
[  145.305561]  unwind_backtrace from show_stack+0x18/0x1c
[  145.306706]  show_stack from dump_stack_lvl+0x58/0x70
[  145.307439]  dump_stack_lvl from print_report+0x164/0x51c
[  145.308332]  print_report from kasan_report+0xc8/0x104
[  145.309198]  kasan_report from kasan_check_range+0x14c/0x198
[  145.309903]  kasan_check_range from __asan_memset+0x20/0x3c
[  145.310815]  __asan_memset from kmalloc_oob_in_memset+0xd8/0x1dc
[  145.311381]  kmalloc_oob_in_memset from kunit_try_run_case+0x11c/0x2e4
[  145.312257]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[  145.313214]  kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[  145.314087]  kthread from ret_from_fork+0x14/0x30
[  145.314719] Exception stack(0xf9f73fb0 to 0xf9f73ff8)
[  145.315362] 3fa0:                                     00000000 00000000 00000000 00000000
[  145.316504] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  145.317405] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[  145.318098] 
[  145.318386] Allocated by task 143:
[  145.318742]  kasan_set_track+0x3c/0x5c
[  145.319370]  __kasan_kmalloc+0x8c/0x94
[  145.319834]  kmalloc_oob_in_memset+0xa0/0x1dc
[  145.320521]  kunit_try_run_case+0x11c/0x2e4
[  145.321006]  kunit_generic_run_threadfn_adapter+0x2c/0x48
[  145.321843]  kthread+0x184/0x1a8
[  145.322296]  ret_from_fork+0x14/0x30
[  145.322936] 
[  145.323177] The buggy address belongs to the object at c4fd0000
[  145.323177]  which belongs to the cache kmalloc-128 of size 128
[  145.324392] The buggy address is located 0 bytes inside of
[  145.324392]  allocated 120-byte region [c4fd0000, c4fd0078)
[  145.325816] 
[  145.326202] The buggy address belongs to the physical page:
[  145.326842] page:c1b69563 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44fd0
[  145.327692] flags: 0x800(slab|zone=0)
[  145.328226] page_type: 0xffffffff()
[  145.328638] raw: 00000800 c4801300 00000122 00000000 00000000 80100010 ffffffff 00000001
[  145.329605] raw: 00000000
[  145.329980] page dumped because: kasan: bad access detected
[  145.330621] 
[  145.330860] Memory state around the buggy address:
[  145.331495]  c4fcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  145.332186]  c4fcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  145.332902] >c4fd0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[  145.333439]                                                         ^
[  145.334325]  c4fd0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  145.334936]  c4fd0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  145.335942] ==================================================================
Metadata Full log Test run details 

[   48.063898] ==================================================================
[   48.065011] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xda/0x1e0
[   48.065615] Write of size 128 at addr ffff888102941d00 by task kunit_try_catch/166
[   48.066534] 
[   48.066943] CPU: 1 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[   48.067857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.068752] Call Trace:
[   48.069229]  <TASK>
[   48.069618]  dump_stack_lvl+0x4e/0x90
[   48.070311]  print_report+0xd2/0x660
[   48.070998]  ? __virt_addr_valid+0x156/0x1e0
[   48.071476]  ? kasan_complete_mode_report_info+0x2a/0x200
[   48.072208]  kasan_report+0xff/0x140
[   48.072997]  ? kmalloc_oob_in_memset+0xda/0x1e0
[   48.073585]  ? kmalloc_oob_in_memset+0xda/0x1e0
[   48.074275]  kasan_check_range+0x10c/0x1c0
[   48.074810]  __asan_memset+0x27/0x50
[   48.075296]  kmalloc_oob_in_memset+0xda/0x1e0
[   48.075776]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   48.076527]  ? __schedule+0x70b/0x1190
[   48.077215]  ? ktime_get_ts64+0x118/0x140
[   48.077973]  kunit_try_run_case+0x126/0x290
[   48.078711]  ? __pfx_kunit_try_run_case+0x10/0x10
[   48.079299]  ? __kasan_check_write+0x18/0x20
[   48.079889]  ? trace_preempt_on+0x20/0xa0
[   48.080502]  ? __kthread_parkme+0x4f/0xd0
[   48.081115]  ? preempt_count_sub+0x50/0x80
[   48.081591]  ? __pfx_kunit_try_run_case+0x10/0x10
[   48.082184]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   48.083068]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   48.083781]  kthread+0x19e/0x1e0
[   48.084390]  ? __pfx_kthread+0x10/0x10
[   48.085092]  ret_from_fork+0x41/0x70
[   48.085669]  ? __pfx_kthread+0x10/0x10
[   48.086362]  ret_from_fork_asm+0x1b/0x30
[   48.086786]  </TASK>
[   48.087359] 
[   48.087633] Allocated by task 166:
[   48.088347]  kasan_save_stack+0x3c/0x60
[   48.088850]  kasan_set_track+0x29/0x40
[   48.089429]  kasan_save_alloc_info+0x22/0x30
[   48.090066]  __kasan_kmalloc+0xb7/0xc0
[   48.090543]  kmalloc_trace+0x4c/0xb0
[   48.091120]  kmalloc_oob_in_memset+0x9f/0x1e0
[   48.092345]  kunit_try_run_case+0x126/0x290
[   48.093499]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   48.094127]  kthread+0x19e/0x1e0
[   48.094663]  ret_from_fork+0x41/0x70
[   48.095173]  ret_from_fork_asm+0x1b/0x30
[   48.095625] 
[   48.095904] The buggy address belongs to the object at ffff888102941d00
[   48.095904]  which belongs to the cache kmalloc-128 of size 128
[   48.097003] The buggy address is located 0 bytes inside of
[   48.097003]  allocated 120-byte region [ffff888102941d00, ffff888102941d78)
[   48.098641] 
[   48.099025] The buggy address belongs to the physical page:
[   48.099558] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102941
[   48.100414] flags: 0x200000000000800(slab|node=0|zone=2)
[   48.100693] page_type: 0xffffffff()
[   48.101456] raw: 0200000000000800 ffff8881000418c0 dead000000000122 0000000000000000
[   48.102306] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   48.102630] page dumped because: kasan: bad access detected
[   48.103240] 
[   48.103520] Memory state around the buggy address:
[   48.104016]  ffff888102941c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.104620]  ffff888102941c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.105493] >ffff888102941d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   48.106319]                                                                 ^
[   48.107126]  ffff888102941d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.107772]  ffff888102941e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.108656] ==================================================================
Metadata Full log Test run details